Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the
application:

Listing of Claims:

1. (currently amended) Method for authenticating clients in a client-server
environment, wherein said client-server environment uses a communication protocol that
allows extensions of the header request a request header without violating said
communication protocol, wherein said method comprises the steps of:

generating a header request header at a client computer,
inserting client authentication information into said header request header at a
client computer by a client browser, without violating HTTP protocol, resulting in an
extended header request header independently of the an authentication process used by
said a server and without said server requesting authentication information,
sending said extended header request header to a said server,
and receiving information from said server if authentication has been successful.

2. (canceled) 

3. (currently amended) Method according to claim 1, wherein said authentication 
information is included in the first header request a first request header for establishing a 
session with said server. 

4. (currently amended) Method according to claim 1, wherein said authentication
information comprises the a client certificate containing client's name and client public
key, and a digital signature which has been generated over a hash value of the header
request header including client certificate using Client private key.

5. (currently amended) Method according to claim 1, wherein said authentication
information is automatically inserted into said header request header by the client's client
browser.

6. (previously presented) Method according to claim 5, wherein said client browser 
receives said authentication information from a smart card via a smart card reader. 

7. (currently amended) Method according to claim 1, wherein said authentication
information is automatically inserted into said header request header by a client signature
component which receives said authentication information from a smart card via a smart
card reader.

8. (currently amended) Method for authenticating clients in a client-server
environment, wherein said client-server environment uses a communication protocol that
allows extensions of the header request a request header without violating said
communication protocol, wherein a system establishes communication between said a
client and said a server, wherein said method comprises the steps of:

receiving a header request header from said client,

inserting authentication information into said header request header at a client
computer by a client browser, without violating HTTP protocol, resulting in an extended
header request header independently of the an authentication process used by said server
and without said server requesting authentication information,

sending said extended header request header to a said server, and

receiving information from said server, if the authentication has been successful.

9. (previously presented) Method according to claim 8, wherein said system can be a 
proxy server, a gateway, or a tunnel. 

10. (currently amended) Method according to claim 8, wherein said communication
protocol is the HTTP protocol, and said authentication information is automatically
inserted into said HTTP-request header by said an insertion component which receives
said authentication information from a signature component.

11. (currently amended) Method according to claim 8, wherein said authentication
information comprises the a client certificate containing client's a name and client's a
public key of the client, and a digital signature which has been generated over the whole
header request header including the client certificate using Client's a private key of the
client.

12. (currently amended) Method for authenticating clients in a client-server
environment, wherein said client-server environment uses a communication protocol that
allows extensions of the header request a request header without violating said
communication protocol, wherein at said a server side said method comprises the steps
of:

receiving a client header request header generated at a client computer, the
request header containing authentication information inserted into the request header by
the client computer at a client browser, without violating HTTP protocol.

validating said authentication information contained in said header request header
by said a server authentication component, and

providing information to said client, if the an authentication has been successful.

13. (currently amended) Method according to claim 12, wherein said authentication
information comprises the a client certificate containing client's a name and client's a
public key of the client, and a digital signature which has been generated over the whole
header request header content using Client's a private key of the client.

14. (currently amended) Method according to claim 12, wherein said communication
protocol is the HTTP protocol, and said server authentication component performs the
steps of:

accessing said a public key contained in the a client certificate.

decrypting said a digital signature contained in the HTTP-request header with said
public key using a hash algorithm resulting in a hash value,

applying the same hash algorithm as used by said client to said HTTP-request
header, and

considering authentication as successful, if both hash values match.

15. (currently amended) Server System for authenticating clients in a client service
client-server environment, wherein said client-server environment uses a communication
protocol that allows extensions of the header request a request header without violating
said communication protocol, wherein said a client provides authentication information
in the header request header to said a server system, wherein said server system
comprising:

a server machine configured to receive the request header.

an authentication component to operate on the server machine and with ^
functionality to read said authentication information contained in the incoming client
header request header, and to validate said authentication information without having
requested said authentication information from said client^

wherein the request header is generated by the client and the authentication
information is inserted into the request header at the client by a client browser, without
violating HTTP protocol.

16. (currently amended) Client System to be authenticated by a server system in
client-server environment, wherein said client-server environment uses a communication
protocol that allows extensions of the header request a request header without violating
said communication protocol, wherein said client system comprises:

a browser operating on a client computer, and

a component operating on the browser for inserting client authentication
information into said header request header independently of the an authentication
process used by said server and without server requesting authentication information^
without violating HTTP protocol.

17. (currently amended) Client System according to claim 16, wherein said
authentication information comprises the a client certificate containing client's a name
and client's a public key of the client, and a digital signature which has been generated
over the a hash value of the header request header content using Client's a private key of
the client.

18. (currently amended) Client System according to claim 16, further comprising
a smart card reader, and

a smart card with a security module containing client's a private key of the client
and a client certificate containing a client name and a private key, wherein said smart
card provides said client certificate together with a digital signature to said inserting
component, wherein said digital signature is the result of an encryption of a hash value of
said header request header containing said client certificate information by means of said
private key.

19. (canceled) 

20. (currently amended) Computer program product comprising a storage media for
storing program instructions, said program instructions, when executed on a computer,
causing the computer to perform a method for authenticating clients in a client-server
environment, wherein the client-server environment uses a communications protocol that
allows extensions of a header request header, said method comprising the steps of:

generating a header request header at a client computer,
inserting client authentication information into said header request header at a
client computer by a client browser, without violating HTTP protocol, resulting in an
extended header request header independently of the an authentication process used by
said a server and without the server requesting authentication information,
sending said extended header request header to a the server,
and receiving information from said server if an authentication has been
successful.
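
The flow recited in claims 4 and 14, as an added example that is not part of the filing: the client signs a hash of the request header including its certificate, and the server recomputes that hash and compares it with the value recovered from the signature. The header names, the certificate encoding and the unpadded toy RSA key are assumptions made for illustration; a deployment would use a padded signature scheme and check the certificate against a trusted issuer, which claim 14 does not recite.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes; unpadded, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (on the smart card in claim 18)

CERT = "x-client-cert"       # hypothetical header names, not taken from the claims
SIG = "x-client-signature"


def header_hash(headers):
    """SHA-256 over all header fields except the signature field itself."""
    lines = sorted(f"{k.lower()}:{v.strip()}" for k, v in headers.items()
                   if k.lower() != SIG)
    return int.from_bytes(hashlib.sha256("\n".join(lines).encode()).digest(), "big")


def client_extend(headers, name, n, e, d):
    """Client: insert certificate, then sign the hash of the header including it."""
    out = dict(headers)
    out[CERT] = f"name={name};n={n:x};e={e:x}"
    out[SIG] = format(pow(header_hash(out), d, n), "x")
    return out


def server_validate(headers):
    """Server: return the client name if the signature matches, else None."""
    try:
        cert = dict(part.split("=", 1) for part in headers[CERT].split(";"))
        name, n, e = cert["name"], int(cert["n"], 16), int(cert["e"], 16)
        sig = int(headers[SIG], 16)
    except (KeyError, ValueError):
        return None                          # fields missing or malformed
    if not 0 < sig < n:
        return None
    # Issuer/chain validation of the certificate is not modelled here.
    recovered = pow(sig, e, n)               # apply the public key to the signature
    return name if recovered == header_hash(headers) else None


# Constructed sample request; no server challenge precedes it.
request = {"Host": "shop.example", "Accept": "text/html"}
signed = client_extend(request, "alice", N, E, D)
tampered = {**signed, "Host": "other.example"}
print(server_validate(signed), server_validate(tampered), server_validate(request))
```

Because the signature field is excluded from the hashed content, the server can recompute the same hash the client signed; any change to another header field, including the certificate, makes the comparison fail.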